WO2002017596A2 - Serveur reparti securise dans un reseau non securise - Google Patents

Serveur reparti securise dans un reseau non securise Download PDF

Info

Publication number
WO2002017596A2
WO2002017596A2 PCT/US2001/041937 US0141937W WO0217596A2 WO 2002017596 A2 WO2002017596 A2 WO 2002017596A2 US 0141937 W US0141937 W US 0141937W WO 0217596 A2 WO0217596 A2 WO 0217596A2
Authority
WO
WIPO (PCT)
Prior art keywords
remote storage
request
storage element
network
network server
Prior art date
Application number
PCT/US2001/041937
Other languages
English (en)
Other versions
WO2002017596A3 (fr
Inventor
David C. Steere
Steven W. Otto
Dylan J. Mcnamee
Michael Stupak
Original Assignee
Truedisk.Com, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Truedisk.Com, Inc. filed Critical Truedisk.Com, Inc.
Priority to AU2001289168A priority Critical patent/AU2001289168A1/en
Publication of WO2002017596A2 publication Critical patent/WO2002017596A2/fr
Publication of WO2002017596A3 publication Critical patent/WO2002017596A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention pertains to the field of networking. More particularly, this invention relates to providing a secure distributed server in an insecure network. Background
  • Networks continue to revolutionize business, entertainment, communications, and countless other aspects of every day life.
  • the potential uses for networks appear to be virtually unlimited, especially for public networks such as the Internet.
  • Large network servers may need to provide millions of web pages worth of data to millions of simultaneous network clients.
  • Security, convenience, and scalability to accommodate increasingly larger volumes of data and data traffic are but a few of the challenges facing network server designers.
  • a private network may be used to create a distributed network server.
  • Resources within the private network are shared to service requests received from another network.
  • a company may maintain a private local area network (LAN).
  • the private LAN may include one or more file servers to store the company's data.
  • the LAN may also include an internet interface coupled to the public Internet to receive requests from Internet clients. Client requests can be processed by retrieving data from file servers in the private LAN.
  • a distributed network server may be less expensive and more scalable up to a certain point. For instance, if the existing number of file servers is insufficient to store the volume of data needed, it may be possible to add another file server to the private LAN to store the excess volume. If, however, the data rate of the private LAN is insufficient to keep up with the volume of data traffic, or if the private LAN cannot support an additional file server, upgrading the entire private LAN can involve large investments in new hardware and software.
  • a virtual private network network entities in a public network use various protocols, cryptography, and the like to share information among themselves in the public network with a heightened degree of security. For instance, an employee may access his or her company's computer from home by establishing a "tunneling" session through the Internet.
  • the Internet is a public, insecure network so anyone can access the network and intercept data.
  • the tunneling session creates a virtual private connection between the employee at home and the company's computer. Data sent through the tunnel can be cryptographically encoded to protect it if it is intercepted along the way.
  • a virtual private network Using virtual private network technology, multiple servers can be networked together to share server resources to create a distributed network server. Compared to a single large-scale computer or a private LAN, a virtual private network is usually more scalable. For instance, a virtual private network utilizes available public network resources. If a distributed network server needs to support a higher data rate among its networked servers, a higher data rate can often be achieved by simply buying more bandwidth from a public network service provider. Furthermore, if the existing number of networked servers is insufficient to handle the volume of data or data traffic, using public network resources allows a virtually limitless number of additional servers to be added to the virtual private network to take on the excess volume.
  • a virtual private network has a number of drawbacks.
  • a virtual private network may be particularly susceptible to hacker attacks.
  • Each of the multiple servers that make up the distributed network server in a virtual private network monitors a port coupled to the public network for requests either from network clients or other networked servers. Once a hacker knows the address of one of the ports on the public network, the hacker can repeatedly send data to that network port until the hacker finds some combination of data to which the corresponding server will respond.
  • the distributed network server Since each networked server monitors a port, the distributed network server provides multiple points for a hacker to attack, and the entire distributed server may only be as secure as its weakest link. That is, if one of the networked servers falls prey to a hacker, the hacker may be able to access the other networked servers through the virtual private network.
  • each networked server needs to provide its own security to defend against hacker attacks.
  • Any number of hardware and/or software solutions, or firewalls, can be used to provide security.
  • Security is difficult to get right.
  • a determined and resourceful hacker can take advantage of virtually any loophole in a firewall.
  • Security solutions that minimize loopholes tend to be expensive, and the cost is compounded in a distributed network server that relies on virtual private network technology because each networked server is likely to need the same security solution.
  • a network server often requires more robust, more expensive hardware and software than a network client because a server needs to perform functions like monitoring one or more network ports, recognizing appropriate requests from potentially thousands or even millions of requests received each day, processing large numbers of requests in any number of ways, and issuing large numbers of responses to requests.
  • Clients do not respond to requests. Instead, clients merely issue requests and wait for corresponding responses.
  • FIG. 1 illustrates one embodiment of the present invention.
  • Figure 2 demonstrates one embodiment of the present invention from the perspective of a network server manager.
  • Figure 3 demonstrates one embodiment of the present invention from the perspective of a remote storage element.
  • Figure 4 illustrates one embodiment of a hardware system.
  • Figure 5 illustrates one embodiment of a machine readable storage medium.
  • server generally refers to one or more machines running server software to service requests received from other machines.
  • client generally refers to one or more machines running client software to request service from a server.
  • the present invention comprises a secure distributed server in an insecure network.
  • various embodiments of the present invention improve network server scalability, convenience, and security.
  • the present invention separates fairly straight forward aspects of network server functionality that are resource intensive, such as data storage and processing, from comparatively complex or mundane functions that are less resource intensive, such as server security and client account management.
  • Figure 1 illustrates one embodiment of the present invention.
  • Insecure network 140 includes a network server manager 110, a number of remote storage elements 120, and a number of network clients 130.
  • network server manager 110 and remote storage elements 120 together comprise a distributed network server to service requests from network clients 130.
  • network server manager 110 primarily performs administrative functions that are not particularly resource intensive, such as server security and client account management.
  • the remote storage elements 120 perform more resource intensive functions, such as distributed data storage and processing.
  • Manager 110 and storage elements 120 communicate with one another through the insecure network 140. However, they do not rely on virtual private network technology (having all the associated drawbacks) to provide security in the insecure network 140.
  • the remote storage elements 120 do not monitor their respective network ports for requests.
  • the remote storage elements 120 are essentially immune from hacker attacks. That is, a hacker can send as much data as he or she wants to a remote storage element. The hacker will not receive a response because the remote storage elements simply are not "listening" to requests.
  • the network server manager 110 essentially directs traffic between network clients 130 and remote storage elements 120 so that clients 130 and elements 120 never have to communicate directly with one another.
  • Network clients 130 send requests to network server manager 110 to be serviced by the distributed network server.
  • Remote storage elements 120 also send requests to network server manager 110.
  • a request from a remote storage element polls the network server manager 110 for any network client requests that are to be serviced by the respective remote storage element.
  • the network server manager responds to the respective remote storage element including whatever information the remote storage element needs to process any network client requests intended for the respective remote storage element that have been received and remain to be processed. If a network client request requires a response from the distributed network server, the remote storage element may send another request to the network server manager 110 after processing the network client request including whatever information the network server manager 110 needs to issue a response to the network client.
  • a remote storage element provides whatever information is needed to service a network client request
  • a remote storage element does not act like a server in the classic server sense. That is, a classic server monitors a port for requests that it can service because the server never knows when a request might be received.
  • a remote storage element only "listens" on insecure network 140 for a response to its own initiated request. Since it is not responsive to requests initiated by other network elements, it is essentially immune to hacker attacks.
  • network server manager 110 does monitor one or more ports coupled to insecure network 140 for requests initiated by other elements in the network. In which case, network server manager 110 is not similarly immune to hacker attacks. But, unlike a virtual private network in which each networked server requires its own security, network server manager 110 provides a single security portal for the entire distributed network. In other words, network server manager 110 is the only element in the inventive distributed server that needs a potentially expensive security solution. Virtually all of the security concerns for the inventive distributed network server can be shifted to the network server manager 110.
  • network server manager 110 is the only element in the distributed server that needs "server-like" hardware and software to monitor requests.
  • Each remote storage element 120 can be implemented using less expensive, less complicated "client-like” hardware and software. That is, each remote storage element 120 is essentially a client of network server manager 110.
  • the inventive distributed network server takes advantage of available network resources to provide communications among the various distributed server components. Improved data rates between elements can often be purchased and a virtually limitless number of remote storage units can be added to handle increases in data volume and data traffic.
  • the present invention provides an improved distributed network server.
  • the inventive server can be used for any number of purposes and can take any number of forms. A number of examples are discussed below.
  • a remote storage element 120 may also be a network client 130. For instance, when a remote storage element sends a request to network server manager to read data stored on another remote storage element, the request may be handled just like any other network client request.
  • the network server manager 110 can be implemented in any number of forms.
  • network server manager 110 may be a single computer, a private LAN, a virtual private network, or any combination thereof.
  • network server manager 110 only needs a relatively low amount of processing power to direct traffic between network clients and remote storage elements.
  • Remote storage elements 120 can also take any number of forms. For instance, a remote storage element may be anything from one or more large- scale computers down to a small hand-held device. Collectively, the remote storage elements 120 provide the bulk of data storage and processing power for the distributed storage.
  • Insecure network 140 may be any number of networks, such as the public Internet. In which case, communications among the components of the distributed network server can be implemented using standard internet protocols including requests and responses in, for instance, hypertext transfer protocol (HTTP).
  • network server manager 110 includes a number of administrative and security functions including firewall 150, a database of namespaces 160, client account management 170, and client request queues 180. Other embodiments may include any number of additional functions or may not include all of the illustrated functions.
  • Firewall 150 can be implemented in any number of ways. For instance, in one embodiment, firewall 150 comprises a computer that physically separates a private local area network (LAN) from the insecure network 140 so that components in the private LAN cannot be directly accessed from the insecure network 140. In another embodiment, firewall 150 is implemented in software on the same machine that performs the other functions of the network server manager 110. In either case, firewall 150 is intended to prevent unauthorized access to network server manager 110. Firewall 150 can use any number of approaches to authenticate and authorize access to the distributed server.
  • LAN local area network
  • the database 160 is used to route network client requests to respective remote storage elements.
  • the database defines a virtual memory that includes all of the remote storage elements. In which case, a network client does not need to know which remote storage element stores a particular piece of data. Instead, the network client merely needs to know the virtual address of the piece of data.
  • the network server manager 110 can identify the corresponding remote storage element and the data stored thereon.
  • entries in database 160 are namespaces.
  • a namespace is commonly used in internet applications to create and share data using the Extensible Markup Language (XML).
  • XML Extensible Markup Language
  • a namespace identifies a network address or Uniform Resource Locator (URL) at which information corresponding to the namespace can be found.
  • URL Uniform Resource Locator
  • network clients are able to access data on a number of different remote storage elements without knowing exactly where the data is located. This is called location independent naming.
  • a network client merely needs to know the name of the namespace in order to access the corresponding data. For instance, the data can be moved from one location to another and, as long as the corresponding name space is updated with the new location, a network client can still access the data based on the name of the namespace.
  • other distributed storage solutions often require clients to manually copy data directly from where it is stored and to manually manage consistency of data among storage locations.
  • adding storage and/or processing power to the inventive distributed network server can be as easy as adding additional remote storage elements and corresponding database entries.
  • any number of approaches can be used to map network client requests to remote storage elements.
  • database entries could be implemented in any number of ways including internet protocol (IP) addresses, port numbers, and the like.
  • Account management 170 can include a variety of management functions. For instance, if network clients have to pay for access to the inventive distributed server, account management 170 could set up accounts, track account activity, store account information either locally or in the remote storage elements, generate billing statements, maintain deposit account balances, and the like. Account management 170 could also include data mining, such as tracking the kinds of data particular network clients access, how often, and the like. Account management 170 could also manage activities such as adding and removing remote storage elements to the database 160, redistributing data among the remote storage elements to balance data loads and data traffic, for instance, as large volumes of data are stored or removed, or as remote storage agents are added or removed. Account management 170 could also include functions like matching network client requests to particular remote storage elements and queuing the requests in queues 180.
  • Queues 180 store network client requests for corresponding remote storage elements.
  • a queue may only store the request until a remote storage element polls the queue for requests. For instance, if the request is a request to store data, once the data is sent to the respective remote storage element, there may be no reason to continue storing the network client request.
  • the queue may continue to store the request until the information that is needed to complete the request is received from the corresponding remote storage element. Furthermore, rather than sending the entire request to a remote storage element, it may only be necessary to send an indication of the request, such as an address to be read.
  • the request may continue to be stored in the queue so that the network server manager can identify where the data is to be sent once the remote storage element returns the data.
  • Any number of queuing techniques can be used to track new network requests, network requests that are waiting for data from a remote storage element, and the like.
  • the present invention provides a large scale data sharing system.
  • Data from any remote storage device can be viewed, stored, and/or modified from any authorized network client.
  • many of the security concerns are shifted out to a third party, namely the network server manager 110.
  • each remote storage element only needs comparatively simple and inexpensive "client-like" functionality to participate in the data sharing.
  • the present invention is distinct from traditional third party network security.
  • traditional third party network security a client accesses a third party server to get authentication to access a target server.
  • the target server is still a server in the classic sense. That is, the target server monitors a port on the network and the client directly accesses the target server.
  • the target device is not a server in the classic sense but instead operates like a client in that it does not monitor a port.
  • the network server manager provides indirection between the network client and the remote storage element so that the two never have to directly communicate.
  • each remote storage element 120 includes a polling function 190.
  • Polling function 190 can be implemented in any number of ways, including hardware and/or software implementations.
  • the polling function 190 is "client-like" in that it initiates requests to a particular address of the trusted network server manager 110 in network 140 and waits for a response.
  • polling function 190 may poll network server 110 in any number of ways.
  • polling function 190 may automatically poll network server 190 at regular intervals.
  • the intervals may depend on factors such as the anticipated rate of data traffic for the corresponding remote storage element or the nature of the data traffic. For instance, for high volumes of data traffic or time critical data traffic, the polling function 190 may initiate requests several times per second.
  • the polling function 190 may also adapt the interval between requests over time according to configuration settings or automatically adopt as the volume of traffic appears to trend up or down. For instance, the interval may change at different times of day, or different times of the year, or as different kinds of data are stored to the remote storage element.
  • the polling function may automatically initiate requests at intervals whenever the remote storage element does have access or may only initiate requests when instructed to do so by a user. Again, determining when to initiate requests can depend on any number of factors such as convenience, available resources on the remote storage element, and the like. For instance, polling function 190 may be configured to initiate a request as soon as possible after establishing a connection to network 140, and at regular intervals thereafter, so that a user does not have to worry about it. If a remote storage element has very limited resources though, a user may not want to expend resources initiating requests and potentially receiving large responses from the network server manager.
  • Figure 2 demonstrates one embodiment of the present invention as seen from the perspective of a network server manager.
  • the network server manager identifies a remote storage element corresponding to the network client request.
  • the network server manager may include a database that maps virtual addresses to particular remote storage elements and particular storage locations within the particular storage elements.
  • a network client request may correspond to multiple remote storage elements where, for instance, the request is to read a large block of data and the block of data spans more than one remote storage element.
  • a network client request may correspond to multiple remote storage elements where, for instance, the request is to move data stored in one location in one remote storage element to another location in another remote storage element, or where the request is to process data in some other fashion at one remote storage element and to send a result to another remote storage element.
  • the network server manager also authenticates that the network client that sent the request is authorized to access the requested resources.
  • the network server manager may include a firewall.
  • the firewall may use any number of criteria to authenticate a network client request. For instance, the firewall may verify that a request came from a known network address and a known port number. A client may also need to provide a password or cryptographic key.
  • the network server manager will queue the request and wait for the corresponding remote storage element(s) to poll for requests.
  • the process continues to loop back to block 210 to accumulate more authenticated network client requests.
  • the network server manager sends a response back in block 230.
  • the response includes any data that was stored by the network server manager in the corresponding queue and that is to be processed by the particular remote storage element.
  • Requests can include a wide variety of functions including instructions to store data and instructions to initiate some function resident on a remote storage element.
  • Functions resident on a remote storage element could include functions such as reading and returning data, deleting data, moving data, executing software code, activating hardware resources, and the like.
  • the data may simply be an address or range of addresses to be read and returned.
  • the data could include a data payload along with an address or range of addresses to which the payload is to be stored.
  • the data could include some identifier of the software to be executed as well as a data payload to be processed by the software.
  • one embodiment of the network server manager just sends back an "empty" response.
  • the network server manager since the network server manager cannot contact a remote storage element except in response to a request from the remote storage element, the network server manager holds the request from the remote storage element. In which case, when and if a network client request is received that corresponds to the particular remote storage element, the network server manager can send the appropriate data to the remote storage element in response to the held request.
  • Any number of approaches can be used to manage the accumulation and correlation of network client requests and storage element requests. For instance, if a remote storage element sends requests several times per second, it may not be necessary to hold requests from that remote storage element. If a remote storage element is only intermittently connected to the network, it may not help to hold a request from that remote storage element, or it may not help to hold a request from that remote storage element for more than a brief period of time, because the remote storage element may not be available to receive the request when and if it is sent, resulting in the possible loss of data.
  • Various optimizations can also be applied to queued requests. For instance, if a network client repeatedly sends a request until the network client receives a response, a queued request from the network client may be overwritten by a subsequent equivalent request. Consequently, only one equivalent request from the network client is queued at any one time.
  • the request from the remote storage element may include data that is needed by the network server manager to complete a previously received network client request.
  • a previously received network client request may have been a read operation.
  • the data included in the storage element request may include the data that the network client requested.
  • the network server manager directs any received data according to the corresponding, previously received network client request.
  • the network server manager may store network client requests even after sending data corresponding to the requests to a remote storage element so that when the remote storage element returns the requested data, the network server manager knows what to do with the data.
  • the network server manager sends an entire network client request to the corresponding remote storage element and completely deletes any remnant of the request from the queue.
  • the remote storage element when the remote storage element returns a response to the request to the network server manager, the remote storage element includes instructions for the network server manager to direct the response to the appropriate recipient.
  • Various alternate embodiments can divide responsibility for routing responses based on a variety of factors such as the processing power and sophistication of particular remote storage elements compared to the processing power and sophistication of the network server manager. For instance, a small, hand-held remote storage element may not be expected to manage routing of responses, but a large scale computer remote storage element may be expected to manage its own routing.
  • the data received from the remote storage element will be routed according.
  • the data For a read operation, the data is likely to be sent back to the network client in the form of a response to the network client's request.
  • the data For a move operation, the data may be directed to another remote storage element. In which case, the data may need to be stored in a queue corresponding to the target remote storage element until a request from the target storage element is received.
  • the network server manager may be able to immediately direct the data to the target storage element in the form of a response to the held request.
  • Alternate embodiments of the process illustrated in Figure 2 may include a variety of additional elements.
  • a remote storage element may initiate two different kinds of requests. One request may be used solely to poll the network server manager for network client requests. Another request may be used solely to return data in response to a network client request. In which case, the process of Figure 2 would need to be modified to include separate elements to handle the two different kinds of storage element requests.
  • the network server manager may need to hold network client requests for an extended period of time where, for instance, a remote storage element corresponding to the request is only intermittently connected to the network. In which case, the network server manager may return a response to a network client after some predetermined duration to inform the network client that the requested data is not yet available and to instruct the network client to inquire again later. In this embodiment, when and if the requested data is returned, the network server manager may have to store the data for a period of time until the network client initiates another request for the data.
  • Figure 3 demonstrates one embodiment of the present invention from the perspective of a remote storage element.
  • the remote storage element sends a request to the network server manager to poll for network client requests to be processed by the remote storage element.
  • the remote storage element receives a response including an indication of any new network client requests corresponding to the remote storage element that may have accumulated at the network server manager.
  • the indication of the requests includes data to be stored and/or locations of data to be read and returned.
  • data sent to the remote storage element in response to polling the network server manager can take many forms, including entire network client requests.
  • the remote storage element stores any received data.
  • the remote storage element may or may not receive any data that needs to be stored.
  • certain types of requests such as read requests, may not require any data to be stored.
  • the remote storage element retrieves any indicated data and, if data is indicated, sends the data back to the network server manager in the form of a new request.
  • the new request performs the double functions of returning requested data and polling for new network client requests, and the network server manager directs the returned data according to the stored network client request.
  • alternate embodiments may use separate requests for returning requested data and polling for new requests, and alternate embodiments may return instructions for the network server manager to direct the requested data so that the network server manager does not need to retain network client requests after they are sent to a corresponding remote storage element.
  • each request from the remote storage element performs the duel rolls of returning any requested data and polling for new requests so the remote storage element will expect a response.
  • the process continues on to block 360 to wait for a period of time.
  • the duration between requests depends on a number of factors including the type of data stored, the type of remote storage element, the kind of access the remote storage element has to the network, and the like.
  • the remote storage element automatically determines a duration between requests based on various factors such as those described above.
  • the remote storage element is configured to send requests after certain duration, or is instructed to send a request at a particular time, by, for instance, a user of the remote storage element or by the network server manager. In the latter case, the network server manager can include an instruction in a current request for when the remote storage element should next send a request. In any event, after waiting some period of time, the process loops back to block 310 to send the next request to poll for new network client requests.
  • a remote storage element may make several iterations through the illustrated process. In which case, if the network server manager retains network client requests until the remote storage element completes servicing the request, the network server manager may need to keep track of which network client requests have already been sent to the remote storage element in order to prevent the same outstanding request from being sent more than once.
  • the remote storage element can include functionality to recognize repeat network client requests.
  • Alternate embodiments may include a variety of additional elements. As discussed above, depending on the extent to which administrative functions are performed by either remote storage elements or the network server manager, the illustrated process may be more complex. For instance, the remote storage element may need to have knowledge of the topology of the inventive distributed server and/or the address of a given network client in order to instruct the network server manager how to route a given response.
  • Figure 4 illustrates one embodiment of a hardware system intended to represent a broad category of computer systems such as personal computers, workstations, and/or embedded systems.
  • the hardware system includes processor 410 coupled to high speed bus 405, which is coupled to input/output (I/O) bus 415 through bus bridge 430.
  • Temporary memory 420 is coupled to bus 505.
  • Permanent memory 440 is coupled to bus 415.
  • I/O device(s) 450 is also coupled to bus 415.
  • I/O device(s) 450 may include a display device, a keyboard, one or more external network interfaces, etc.
  • temporary memory 420 may be on-chip with processor 410.
  • permanent memory 440 may be eliminated and temporary memory 420 may be replaced with an electrically erasable programmable read only memory (EEPROM), wherein software routines are executed in place from the EEPROM.
  • EEPROM electrically erasable programmable read only memory
  • Some implementations may employ a single bus, to which all of the components are coupled, or one or more additional buses and bus bridges to which various additional components can be coupled.
  • EEPROM electrically erasable programmable read only memory
  • Additional components may include additional processors, a CD ROM drive, additional memories, and other peripheral components known in the art.
  • One component in particular that may be included in the hardware system of Figure 4 for implementation of the present invention is a random number generator for security purposes.
  • communications among the network server manager 110 and the various remote storage elements 120 in Figure 1 can be encrypted to provide secure communications among the distributed elements.
  • Security is only as strong as the keys used to encrypt the data. Keys are often generated using a deterministic algorithm based on some starting number. If the starting number is a predictable value, such as the current date or time of day, the cryptographic keys are more easily compromised, leaving the distributed storage vulnerable to attack. If the starting number is truly random and unpredictable, as provided by a random number generator, the communications are much more secure.
  • the network server, remote storage elements, and the network clients are each implemented using one or more computers such as the hardware system of Figure 4.
  • the systems can be coupled to communicate over an external network, such as a local area network (LAN), an internet protocol (IP) network, etc.
  • the present invention is implemented as software routines executed by one or more execution units within the computer(s).
  • the software routines can be stored on a storage device, such as permanent memory 440.
  • the software routines can be machine executable instructions 510 stored using any machine readable storage medium 520, such as a diskette, CD-ROM, magnetic tape, digital video or versatile disk (DVD), laser disk, ROM, Flash memory, etc.
  • the series of instructions need not be stored locally, and could be received from a remote storage device, such as a server on a network, a CD ROM device, a floppy disk, etc., through, for instance, I/O device(s) 450 of Figure 4.
  • the instructions may be copied from the storage device into temporary memory 420 and then accessed and executed by processor 410.
  • these software routines are written in the C programming language. It is to be appreciated, however, that these routines may be implemented in any of a wide variety of programming languages.
  • the present invention is implemented in discrete hardware or firmware.
  • one or more application specific integrated circuits ASICs
  • one or more functions of the present invention could be implemented in one or more ASICs on additional circuit boards and the circuit boards could be inserted into the computer(s) described above.
  • field programmable gate arrays FPGAs
  • SPGA static programmable gate arrays
  • a combination of hardware and software could be used to implement one or more functions of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Multi Processors (AREA)

Abstract

L'invention concerne un serveur de réseau réparti qui comprend un gestionnaire de serveur de réseau et plusieurs éléments de mémoire éloignés répartis. Un client (NC) de réseau envoie au gestionnaire de serveur de réseau une première demande devant être traitée par un des éléments de mémoire éloignés. Le gestionnaire de serveur de réseau identifie l'élément de mémoire éloigné devant traiter cette première demande. Ces éléments de mémoire éloignés sont toutefois inaccessibles sauf en réponse à des demandes émanant des éléments de mémoire éloignés respectifs. Le gestionnaire de serveur de réseau attend alors de recevoir une seconde demande de la part des éléments de mémoire éloignés respectifs. Cette demande invite le gestionnaire de serveur à émettre toute demande de clients de réseau devant être traitées par l'élément de mémoire éloigné identifié. Le gestionnaire de serveur de réseau envoie à l'élément de mémoire éloigné identifié une réponse à cette seconde demande en joignant une indication de la première demande. Lorsque l'élément de mémoire éloigné identifié reçoit la réponse, il traite la demande jointe à cette réponse.
PCT/US2001/041937 2000-08-25 2001-08-27 Serveur reparti securise dans un reseau non securise WO2002017596A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001289168A AU2001289168A1 (en) 2000-08-25 2001-08-27 A secure distributed server in an insecure network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US64889700A 2000-08-25 2000-08-25
US09/648,897 2000-08-25

Publications (2)

Publication Number Publication Date
WO2002017596A2 true WO2002017596A2 (fr) 2002-02-28
WO2002017596A3 WO2002017596A3 (fr) 2002-10-10

Family

ID=24602657

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/041937 WO2002017596A2 (fr) 2000-08-25 2001-08-27 Serveur reparti securise dans un reseau non securise

Country Status (2)

Country Link
AU (1) AU2001289168A1 (fr)
WO (1) WO2002017596A2 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5838916A (en) * 1996-03-14 1998-11-17 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server
US5940594A (en) * 1996-05-31 1999-08-17 International Business Machines Corp. Distributed storage management system having a cache server and method therefor

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5838916A (en) * 1996-03-14 1998-11-17 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server
US5940594A (en) * 1996-05-31 1999-08-17 International Business Machines Corp. Distributed storage management system having a cache server and method therefor

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
NANKMAN M A ET AL: "Specification of a distributed storage system" COMPUTER COMMUNICATIONS, ELSEVIER SCIENCE PUBLISHERS BV, AMSTERDAM, NL, vol. 19, no. 1, 1996, pages 30-38, XP004032387 ISSN: 0140-3664 *
TIERNEY B L ET AL: "Using high speed networks to enable distributed parallel image server systems" SUPERCOMPUTING '94., PROCEEDINGS WASHINGTON, DC, USA 14-18 NOV. 1994, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, 14 November 1994 (1994-11-14), pages 610-619, XP010100521 ISBN: 0-8186-6605-6 *

Also Published As

Publication number Publication date
WO2002017596A3 (fr) 2002-10-10
AU2001289168A1 (en) 2002-03-04

Similar Documents

Publication Publication Date Title
US11531732B2 (en) Systems and methods for providing identity assurance for decentralized applications
US8171558B2 (en) Inter-program authentication using dynamically-generated public/private key pairs
CN107005582B (zh) 一种使用存储在不同目录中的凭证来访问公共端点的方法
US6202159B1 (en) Vault controller dispatcher and methods of operation for handling interaction between browser sessions and vault processes in electronic business systems
JP3499680B2 (ja) スマート・カードからのプライベート鍵操作をホスト・ベースの暗号サービスと透過的に統合するシステム及び方法
JP4307448B2 (ja) 分散オブジェクトを単一表現として管理するシステムおよび方法
US6732277B1 (en) Method and apparatus for dynamically accessing security credentials and related information
US9094398B2 (en) Enhancing directory service authentication and authorization using contextual information
CN1585410B (zh) 通过网络提供scsi设备访问
EP1303097A2 (fr) Systeme virtuel réparti de sécurité
US11777914B1 (en) Virtual cryptographic module with load balancer and cryptographic module fleet
US7752452B2 (en) Dynamic cache lookup based on dynamic data
US20080127322A1 (en) Solicited remote control in an interactive management system
JP2017507563A (ja) トラフィックポリシーの実施をサポートするエンティティハンドルレジストリ
US10165008B2 (en) Using events to identify a user and enforce policies
US7600253B1 (en) Entity correlation service
US9191201B1 (en) Optimizing secure communications
US11418342B2 (en) System and methods for data exchange using a distributed ledger
US10158610B2 (en) Secure application communication system
US7631179B2 (en) System, method and apparatus for securing network data
WO2002017596A2 (fr) Serveur reparti securise dans un reseau non securise
Pesonen A capability-based access control architecture for multi-domain publish/subscribe systems
RADHA et al. Anonymous Access Control and User Revocation with Log Management in Cloud
Cao et al. Grid security gateway on RADIUS and packet filter
Anderson et al. Subtransport Level: The Right Place for End-to-End Security Mechanisms

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP